Multichain
Published in

Multichain

Action Required: Critical Vulnerability for Six Token Contracts on Multichain

Dear users,

A critical vulnerability that affected 6 cross-chain tokens was reported by security firm Dedaub. If you ever have approved any of these 6 tokens on the Router (WETH, PERI, OMT, WBNB, MATIC, AVAX), please login into https://app.multichain.org/#/approvals to remove any approvals of these 6 tokens asap. Otherwise, your assets will always be at risk. Please do not transfer any of these 6 tokens to your wallet before revoking the approvals. The risk will be eliminated instantly upon revoking approvals.

The liquidity for these 6 tokens is fixed now. All assets on both V2 Bridge and V3 Router are safe and all cross-chain transactions can be done safely as usual.

Technical details will be released later. Many thanks to security firm Dedaub.

  • Who needs to revoke approvals

Only users who had approved the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX) on Router are required to revoke approvals. For other people, no action is needed.

  • How to revoke approvals

1.If you have approved any of the contracts of the 6 tokens (WETH, PERI, OMT, WBNB, MATIC, AVAX), you need to revoke approval(s) and the options will appear according to your past activity. For example, if you had given contract approvals of WBNB and AVAX, you will see both BSC and AVAX buttons as follows when you login into https://app.multichain.org/#/approvals

2. If the BSC/Avalanche network is not connected, you need to switch networks by clicking on ‘Switch to BSC’ or ‘Switch to Avalanche’ and you will see a revoke button then. Please click on ‘Revoke’.

3. After that, a Metamask window will pop up, please click on the ‘Confirm’ button

4. Wait for a few seconds and the notification of ‘Approve BNB’ will appear on the top right corner, which means you have revoked the WBNB approval.

5. In addition to WBNB on BSC, you still need to revoke the approval of AVAX on Avalanche in this scenario. Please switch to the Avalanche network to revoke. The process is the same as for WBNB.

  • How to check the status of removal

To double check, you can simply refresh the page once you remove the approval(s). If the webpage shows ‘No actions needed’ as in the following screenshot, your removal process is completed.

If you have any questions, please reach out to us here:

Twitter: https://twitter.com/MultichainOrg

Email: contact@multichain.org

Help: https://multichain.zendesk.com/hc/en-us

TG: https://t.me/anyswap

--

--

--

An infrastructure for on-chain asset interoperability, envisioned to be the ultimate router for Web3 https://multichain.org/

Recommended from Medium

The future of post-quantum cryptography

The Government Issued Digital ID Use Case on Accumulate

VPNs for beginners: what a VPN can and cannot do

Data Protection In Nigeria.

CLOAKING WITH PEERCLICK IN 10 MINUTES

Article of the Day: the importance of Network Security

It’s time to talk to our kids about their privates.

Do you want to know ‘What it takes to be a Certified GCP Professional Security Engineer ?’

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Multichain (Previously Anyswap)

Multichain (Previously Anyswap)

Cross-Chain Router Protocol (CRP), an infrastructure for cross-chain interoperability, envisioned to be the ultimate router for Web3 https://multichain.org/

More from Medium

Multichain Integrates with Syscoin

0x_Nodes, Yield Across the EVM & Beyond

Introducing Mercenary DAO

A New Era for StakeWise — Decentralizing the Architecture